Hello.
Ive been noticing for quite some time pptp brute force attempts.
Thing is attackers use a bot subnet so they dont get tracked by consecutive firewall logs, so each attempt appears to be a different host.
ex. 213.108.134.181
213.108.134.182
213.108.134.183
So is there any easy way to get live the attempt and extract the subnet so the whole /24 subnet gets added to the blocked src address list?